This invention relates to an electronic mail messaging system, and in particular to a system for sending messages to and receiving messages from a person electronically.
Electronic mail messaging programs, such as conventional email programs, are widely used. A problem with conventional email programs is that sent emails may be intercepted and read. There have been proposals to encrypt electronic mail messages using public key cryptography in which an asymmetric encryption algorithm is used. In particular, a public key associated with the recipient of an electronic mail message is used by the sender to encrypt the message. The resultant encrypted message can only be decrypted by using a private key which is different from the public key, with access to the private key being controlled by the recipient of the message.
Public key cryptography relies on the sender of the electronic mail message knowing that a public key is associated with a desired recipient. One way of achieving this is for cryptographic keys to be issued and verified by an encryption authority. However, this requires that any issued private keys are securely transmitted from the encryption authority to the associated clients of the encryption authority. One way of doing this is by sending to each client a respective transfer key which is used to encrypt the private key when in transit between the encryption authority and that client. By splitting the transfer key into parts and sending each part by a different transfer mechanism (e.g. sending one part using secure hyper-text transfer protocol to a network address and sending another part by email to an electronic mail address), the security of the transfer key is improved.
Most corporations have an internal computing system, generally formed by one or more local area networks (LANS). Many corporations want to keep track of electronic mail messages entering and leaving the internal computing system, for example to check for viruses and spam. This can be problematic for encrypted electronic messages.
According to the present invention, a key server is connected to a local area network and an encryption authority transfers cryptographic keys for clients of the local area network to the key server.
In an embodiment, the key server encrypts outgoing emails using the public keys for the recipients and decrypts internal emails using the private keys for the recipients. Preferably, the key server also digitally signs outgoing emails using the private keys for the senders in order to verify the integrity of the sent emails.
In another embodiment, the clients of the local area network download their respective private keys from the key server so that encryption operations may be performed by client software. Preferably, incoming and outgoing encrypted emails can still be routed to the key server for decryption and checking.
In a preferred embodiment, a public key for an electronic mail address is generated from a root public key and the electronic mail address itself, while the private key for the electronic mail address is calculated by the encryption authority using the electronic mail address and a root private key which is kept secret by the encryption authority. An advantage of such a system is that the public key for an electronic mail address can be calculated even if no private key has been issued, in which case on receiving an encrypted electronic mail message the recipient can apply to the encryption authority for the private key to decrypt it.